Unfortunately for Mac sysadmins (and fortunately for security admins), Remote Login, as Apple refers to it, comes turned off by default. Turning the service on involves very little manual intervention, but when you multiply that by the number of Macs to administer, the task becomes incredibly time-intensive.

On the plus side, there is a command that can be executed to turn on the SSH service, and another couple of commands can optionally configure the service and secure it so that only those requiring secure access will be authorized to do so. Let's take a closer look.

Enabling SSH

To enable SSH, enter the command below into Terminal.app, and press Enter to execute it. Once completed, the SSH service will be enabled for all users that authenticate on that Mac.

systemsetup -setremotelogin on

Creating an SSH access group

With SSH enabled, secure access is provided to the Mac. However, if anyone can access your computer remotely, how secure is it? Not very, I'm afraid. Fortunately, this too can be changed by creating an SSH access group, where members will be provided exclusive authorization to remotely access your Mac.

dseditgroup -o create -q com.apple.access_ssh

Add users (or groups) to the SSH access group

By running this command, users and/or groups that are to be granted SSH access to machines will be allowed to do so, while all other users will be expressly denied access to connect or log in remotely. In the example below, the admin group has been granted SSH access.

dseditgroup -o edit -a admin -t group com.apple.access_ssh

Since these commands are meant to be executed remotely, they need some way to be kicked off so that they run on multiple computers. While each organization may have different management suites in place, Apple Remote Desktop, DeployStudio tasks, OS X Server custom configurations, or traditional scripts will all get the job done and secure access to SSH.
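
The three commands above, combined into one script that a management tool can push to each Mac; this is an added example, not code from the original article. The group:NAME / user:NAME argument convention and the function names are assumptions made here, and -t user is used for individual accounts.

```shell
#!/bin/sh
# Added example: build and apply the Remote Login lockdown described above.
# Principals are written group:NAME or user:NAME (a convention assumed here).
SSH_GROUP="com.apple.access_ssh"

# Print the commands for the given principals, one per line.
# Returns 1 and prints no commands if the list is empty or an entry is malformed.
ssh_access_plan() {
    [ "$#" -gt 0 ] || { echo "no principals given: nothing to add to $SSH_GROUP" >&2; return 1; }
    for p in "$@"; do
        case "$p" in
            group:?*|user:?*) ;;
            *) echo "bad principal: $p" >&2; return 1 ;;
        esac
        # Reject names that could be read as an option or split by the shell.
        case "${p#*:}" in
            -*|*[!A-Za-z0-9._-]*) echo "bad name in: $p" >&2; return 1 ;;
        esac
    done
    echo "systemsetup -setremotelogin on"
    echo "dseditgroup -o create -q $SSH_GROUP"
    for p in "$@"; do
        echo "dseditgroup -o edit -a ${p#*:} -t ${p%%:*} $SSH_GROUP"
    done
}

# Run the plan as root on the Mac, reporting any command that fails.
apply_ssh_access() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    plan=$(ssh_access_plan "$@") || return 1
    rc=0
    while IFS= read -r cmd; do
        echo "+ $cmd"
        # Validated names contain no whitespace or globs, so splitting is safe.
        $cmd </dev/null || { echo "failed: $cmd" >&2; rc=1; }
    done <<EOF
$plan
EOF
    dseditgroup -o read "$SSH_GROUP"   # show the resulting group for review
    return "$rc"
}

# Dry run by default: print the plan for the article's example (the admin group).
# APPLY=1 executes it instead.
if [ "${APPLY:-0}" = 1 ]; then
    apply_ssh_access group:admin
else
    ssh_access_plan group:admin
fi
```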

About Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.